SEP Immutable Backup Solutions

Ransomware protection for SEP sesam Backups

Situation - Threat situation continues to rise

The BSI (German Federal Office for Information Security) concludes in its report on the state of IT security in 2023: "The threat in cyberspace is higher than ever before... Ransomware is and remains the biggest threat. The BSI has observed a shift in cyberattacks using ransomware: The focus is no longer only on large, financially strong companies, but increasingly also on small and medium-sized organisations as well as state institutions and municipalities." (Source: BSI, https://www.bsi.bund.de/DE/Service-Navi/Publikationen/Lagebericht/lagebericht_node.html)

According to the BSI, a quarter of a million new malware variants were found every day during the reporting period and around 21,000 infected systems were identified every day.

The number of ransomware victims worldwide rose by almost half in the first six months of 2023 compared to the second half of 2022 (analysis by security provider Trend Micro).

Worldwide, 66% of companies were affected by ransomware (Sophos Ransomware Report 2023).

The threat level is very high and therefore requires increased protective measures, including the protection of backup data.

Risk scenarios: Danger to administrator access to the backup server

Attackers typically compromise multiple accounts in an attempt to gain access to administrator accounts to launch the ransomware. Targeted administrator accounts include backup administrator credentials, which provide a backdoor to access relevant environment data stored in a single location. The backup environment provides a good starting point as the backup server has access to critical systems such as the virtualisation environment and storage locations. 

Overview of SEP Immutable Backup Solutions

SEP immutable Storage (SiS): for Linux environments
Blocky4sesam™: for Microsoft Windows environments
S3 Object Lock: for S3 Cloud Storage

SEP sesam immutable Storage (SiS)

Ransomware protection for SEP sesam Backups in Linux environments

Special ransomware protection: SEP Immutable Storage (SiS) offers a file storage function that is resistant to ransomware attacks and is based on sesam's own deduplication technology "Si3 NG" for Linux. Backups are increasingly a target themselves: in a ransomware attack they may be deleted, modified or encrypted.

SiS is a very effective protection against ransomware attacks because even with full admin access to the SEP sesam Backup Server, attackers cannot delete, modify or encrypt the data stored on SiS.

SEP Immutable Storage, also called Si-Storage or SiS, protects your SEP sesam backup data!

SiS – Backup data remains unchanged in every attack

SEP sesam Immutable Backup for direct-attached Linux file system storage ensures that stored data remains completely static in its original and unaltered form throughout its lifetime. This means that organisations can quickly recover from a ransomware attack, even if they have lost access to their data and servers, by using stored data copies that have remained unchanged and intact to restore the entire operating environment.

With SiS, even with full admin access to the SEP sesam backup server, the attackers cannot delete the backup data or modify or encrypt it in any way. So it doesn't matter if the attacker has gained control of your backup servers, as you always have the uncompromised data and it can be used to restore your entire environment. SiS is based on the Si3 NG Deduplication Store for Linux. The new SiS functionality also offers integrated security functions to maintain data integrity, such as a WORM function (Write-Once-Read-Many), definable immutability (retention time to be set), audit logs, etc.

Based on the File Protection Service (FPS), which scans the file system and sets the immutable bit for all new objects, all data stored on SiS is marked as immutable at the time of storage and can no longer be changed. No object stored on SiS can be changed in any way: It cannot be renamed or removed, no links to these objects can be created, and its metadata cannot be accessed or changed. Objects with unchangeable attributes can only be displayed in read mode.

SiS is a storage location that can be written to once and read as often as necessary. This applies to all media pools that are connected to the SiS data storage.
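An added example, not SEP's own code: an audit a defender could run on the store host to confirm that every stored object actually carries the immutable bit described above. It assumes the bit is the Linux inode immutable flag (shown as `i` by `lsattr`); the store path and the grace window for files not yet reached by a protection scan are hypothetical.

```python
import fcntl
import os
import struct
import time

FS_IOC_GETFLAGS = 0x80086601  # _IOR('f', 1, long) on 64-bit Linux
FS_IMMUTABLE_FL = 0x00000010  # inode flag shown as 'i' by lsattr

def inode_flags(path):
    """Return the inode flag word, or None if it cannot be read."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        buf = fcntl.ioctl(fd, FS_IOC_GETFLAGS, b"\0" * 8)
        return struct.unpack("I", buf[:4])[0]  # kernel fills in an int
    except OSError:
        return None  # file system without inode flags
    finally:
        os.close(fd)

def audit(root, grace_seconds=900, now=None, get_flags=inode_flags):
    """Sort every file under root by immutability state.

    grace_seconds is an assumed allowance for the delay between a write
    and the next protection scan; younger files count as 'pending'.
    """
    now = time.time() if now is None else now
    report = {"immutable": [], "pending": [], "mutable": [], "unknown": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            flags = get_flags(path)
            if flags is None:
                state = "unknown"
            elif flags & FS_IMMUTABLE_FL:
                state = "immutable"
            elif now - os.lstat(path).st_mtime < grace_seconds:
                state = "pending"
            else:
                state = "mutable"
            report[state].append(path)
    return report

if __name__ == "__main__":
    # /srv/sis-store is a hypothetical path; run as root on the store host.
    result = audit("/srv/sis-store")
    for path in result["mutable"] + result["unknown"]:
        print("NOT PROTECTED:", path)
```

Files that stay in the `mutable` list beyond the grace window are the ones to alert on, since they can still be rewritten or deleted by anyone with write access.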

SiS - Highlights at a glance

 

Resistant to ransomware attacks
Immutability ensures that the data is static, unchangeable and cannot be deleted. Attackers can therefore not change, encrypt or delete it, even if they have gained access to your backup environment.

Resistant to human error & malicious insider threats
No one on the inside, regardless of their role in the company and their user status, can manipulate or delete the data either intentionally or accidentally.

Ensuring compliance with data security and compliance regulations
SiS can ensure that the data is stored in accordance with industry requirements and legal regulations by guaranteeing the immutability and authenticity of the data. The immutability guarantees the integrity of the data and its deletion after a certain period of time (retention time to be set).

Legal obligation to retain data
Ensures data authenticity in the event of legal disputes and the secure keeping of sensitive information for a certain period of time.

SiS – Functionality

The Si3 NG Deduplication Store must be set up on a dedicated Linux server with SEP sesam installed and connected directly to the SEP sesam Server via TCP network access to protect it from attacks via VM access.

Remote access is protected
If SSH access to the SiS server is enabled, its login credentials must be completely different from those of the SEP sesam Admin and Server Root so that they cannot be compromised, and they must be stored in a remote location to which the SEP sesam Server has no access. Robust authentication and authorisation must be enforced together with the principles of least privilege and separation of duties (SoD). It is recommended that SEP sesam components communicate only via a restricted TCP port using non-root credentials.

Immutable data
Access is controlled and the data retention time can be set flexibly. The objects are WORM-protected and immutable, so access to the data is restricted: the data cannot be modified, encrypted or deleted.

No access authorisation
Once the immutability period is set, not even privileged accounts, such as an authorised backup administrator, can change, prematurely expire or delete the retention.

Assured data integrity
Each object stored on SiS has its own hash value, which is based on its content and ensures its integrity. When updated data is stored in an immutable file system, it is stored in a new location so that only the changed block is written and the metadata of the file location is updated. In this way, the data in an immutable file system remains the same, while the metadata changes over time.

Guaranteed immutability through SiS
The immutability of SiS is based on the underlying file system. If old backup data is moved from SiS to another storage, e.g. to a cheaper archive storage in the cloud or to tape, SEP sesam no longer has ownership of the data, which is now located in a domain of the selected storage, and immutability is no longer guaranteed by SEP sesam.

What is supported with SiS?

SiS supports all backup task types otherwise supported by SEP sesam:

Blocky4sesam™

Fully integrated ransomware protection for SEP sesam backups in Microsoft Windows environments

Ransomware protection with Blocky4sesam™

Backups are a key area of ransomware protection for companies, as cyber attacks are usually aimed at destroying backup data. With Blocky4sesam™, you are opting for reliable protection of your SEP sesam backups against ransomware - secure, fully integrated and without any annoying administration effort for your Windows systems.

Proven technology in use against ransomware
Malware repeatedly gets past generic protection programmes. In that case, Blocky4sesam™ forms the last and most secure line of defence for your data, off which the malware bounces. The effective protection of Blocky4sesam™ is guaranteed by a security module. As the gateway to the data, it is what grants access in the first place, and only to authenticated processes. There is therefore no way through this gateway for malware.

The ransomware protection is based on the proven application whitelisting technologies from GRAU DATA (application whitelisting as recommended by the BSI). It is specially tailored for integration into SEP sesam backup solutions and prevents any changes to the data without explicit authorisation. Blocky uses the application fingerprint to identify authorised processes. Unauthorised access is also logged and reported to the administrator. In addition, the instant copy function creates automatic backup copies to prevent any loss of data. Blocky4sesam™ protects against malware even if it has penetrated the programme and the Blocky software has been damaged. Blocky4sesam™ thus forms a secure shield for your data in Windows systems. With just a few clicks, you are protected and cyber criminals have no chance of manipulating your backup data.

Blocky4sesam™ - last line of defence

Blocky4sesam™ is the last line of defence to protect your backups from the ever-growing threat of ransomware. Even after a successful attack on your network, all data in the backup remains intact and damage caused by ransomware is minimised.


Advantages at a glance

Secure data protection against ransomware and malware

Protects Windows NTFS volumes and ReFS volumes of the SEP sesam Server

Application whitelisting

Application fingerprint for process identification

Real-time monitoring and reporting

Targeted protection by focussing on specific workspaces

Significantly simplified configuration

Security module for optimum self-defence of the data


Immutability for S3 Cloud Storage - S3 Object Lock

Immutable Storage of S3 – Protects the data on the S3 storage

SEP sesam supports the Object Lock feature to protect data from modification or deletion when you back up your data to Amazon S3 cloud storage, Wasabi cloud storage or another S3-compatible cloud implementation. Object Lock is a data protection function that allows you to customise the immutability of the backup objects. The retention time can be set for a fixed period or indefinitely (Lock Retention) and no one can change, delete or overwrite a backup object until its retention time has expired.
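An added example, not part of SEP sesam: a check over Object Lock metadata for backup object versions, using records shaped like the S3 `GetObjectRetention` and `GetObjectLegalHold` responses. It goes beyond the paragraph above by distinguishing the S3 retention modes (GOVERNANCE can be bypassed by principals holding `s3:BypassGovernanceRetention`, COMPLIANCE cannot) and legal holds; the sample records and the `KeepUntil` field (the date the backup must survive to) are constructed for illustration.

```python
from datetime import datetime, timezone

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def lock_findings(version, now):
    """Return the weaknesses in one object version's lock state."""
    ret = version.get("Retention") or {}
    hold_on = (version.get("LegalHold") or {}).get("Status") == "ON"
    mode, until = ret.get("Mode"), ret.get("RetainUntilDate")
    active = until is not None and until > now
    findings = []
    if not active:
        if not hold_on:
            return ["unlocked"]  # deletable by any principal with delete rights
        findings.append("legal-hold-only")  # removable via s3:PutObjectLegalHold
    elif until < version["KeepUntil"] and not hold_on:
        findings.append("retention-shorter-than-backup")
    if active and mode == "GOVERNANCE":
        findings.append("governance-mode")  # bypassable with the right permission
    return findings

def audit_versions(versions, now):
    """Map each key with at least one finding to its findings."""
    report = {}
    for v in versions:
        found = lock_findings(v, now)
        if found:
            report[v["Key"]] = found
    return report

# Constructed sample records; keys and dates are illustrative only.
NOW = utc(2025, 1, 1)
VERSIONS = [
    {"Key": "full-01", "KeepUntil": utc(2025, 5, 1),
     "Retention": {"Mode": "COMPLIANCE", "RetainUntilDate": utc(2025, 6, 1)}},
    {"Key": "full-02", "KeepUntil": utc(2025, 5, 1),
     "Retention": {"Mode": "GOVERNANCE", "RetainUntilDate": utc(2025, 6, 1)}},
    {"Key": "incr-03", "KeepUntil": utc(2025, 5, 1),
     "Retention": {"Mode": "COMPLIANCE", "RetainUntilDate": utc(2025, 2, 1)}},
    {"Key": "incr-04", "KeepUntil": utc(2025, 5, 1)},
    {"Key": "full-05", "KeepUntil": utc(2025, 5, 1), "LegalHold": {"Status": "ON"},
     "Retention": {"Mode": "COMPLIANCE", "RetainUntilDate": utc(2024, 12, 1)}},
]

if __name__ == "__main__":
    for key, found in audit_versions(VERSIONS, NOW).items():
        print(key, ", ".join(found))
```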
